Has Facebook Finally Gone Too Far?

Among users of Facebook and other social networks, over half post personal information that could put them at risk, according to Consumer Reports. Facebook applauds Consumer Reports' work on behalf of consumers; however, privacy advocates are giving the site a lot of heat for some of the changes it made to its network recently.

By Renay San Miguel
May 5, 2010 7:00 AM PT

Where's the fault in making "share" the default setting on Facebook? After all, people who have read 10 years' worth of scary headlines about email viruses, Internet scams featuring Nigerian princes and phishing websites seem eager to give up their likes, dislikes, kids' names, embarrassing photos and vital statistics to an audience of a half-billion on the world's largest social network.

However, following the announcement of its new Open Graph platform at its f8 developer conference two weeks ago, Facebook has heard its critics get louder regarding its apparently cavalier view of its members' data. That chorus now includes voices emanating from both the blogosphere and mainstream media, along with consumer groups, privacy advocates and members of Congress. The latest harsh spotlight comes courtesy of Consumer Reports, which released a survey Tuesday showing that more than half of those polled are engaging in behavior on Facebook and other social networks that puts them at risk for identity theft and Web harassment.

Some of the survey highlights -- or lowlights, if you're a social network user or executive:

22 percent weren't thinking about the security of third-party apps they downloaded on Facebook;

Nearly 10 percent were victims of online harassment, abuse or misuse of their account last year, based on information they had freely divulged.

Now with Open Graph, the profile information where all that data resides on Facebook is cast out into the wider Internet, thanks to the new platform's ability to share that data with a single line of HTML code and a "Like" button.

Where's the Privacy?

Facebook apparently didn't do a good enough job alerting its users to all those new, potentially dangerous possibilities. Reporters, columnists and bloggers seem to be picking up the slack in educating social network users about what privacy settings they should select or de-select if they want to keep that Profile data from hitting the open Web road. A quick search of the latest Facebook/Consumer Report survey headlines on Google News turns up examples like "Internet Security 101: What Not to Post on Facebook," "Why Facebook Users Need Protection," "How to Opt Out of Facebook's Instant Personalization" and "Seven Things You Need To Stop Doing On Facebook."

For its part, Facebook says its applauds Consumer Reports' work on behalf of consumers, but the results only tell one side of the social media story. "While we believe the study released today focuses only on the perceived risks of social networking without acknowledging the many benefits, we agree that individuals should be thoughtful and responsible when they post content to Facebook," company spokesperson Andrew Noyes told TechNewsWorld. "We devote significant resources to helping people protect their accounts and making good online decisions, and we would welcome the opportunity to work with Consumer Reports to further these efforts."

Noyes pointed to a partnership with McAfee for antivirus protection and other defensive measures like automated tools and educational efforts to protect against security threats. "We also encourage users to customize their privacy settings, and we are glad to see evidence that they are doing so for Facebook profiles and third-party applications."

Yet Noyes and Facebook also make it clear that they appear to be committed to Open Graph. "Game-changing innovation always causes concern. The growth and popularity of automobiles and telephones created new opportunities for thieves and scammers."

More Education, Please

That may indeed be the case, but Facebook's critics may not be happy with the comparisons between unlocked cars and phone-based fraud to scattering personal information to the four corners of the World Wide Web. Several articles and posts by noted technology and privacy advocates are gaining traction. Notable criticisms include a Deeplinks blog post by the Electronic Freedom Foundation's Kurt Opsahl titled "Facebook's Eroding Privacy Policy: A Timeline" that tracks the evolution of the company's thinking regarding personal data from "a private space for communication with a group of your choice" to "a platform where much of your information is public by default."

Noted Microsoft researcher danah boyd critiqued Facebook's privacy policy at the recent WWW Conference in Raleigh, N.C. Endpoint Technology founder and president Roger Kay wrote a column for Forbes.com, "Frenemies With Facebook," that came with a provocative sub-heading: "When the social network makes billions, will we curb our willingness to bare all?"

Facebook has reached a sort of crisis moment, Kay told TechNewsWorld, "since they've been very aggressive about forcing users to opt out." Yet that doesn't necessarily mean he thinks Facebook should be more aggressive with educating its users about privacy settings. "I don't think it's any moral point they have. I do think they have a responsibility to their shareholders not to anger their subscribers so that they ruin their business model. So that means there's some level of responsibility, but not a moral point. It's more commercial. If they manage their relationships with their users badly, and they opt out," then that will mean less user data available, and less value to advertisers and other sources of revenue for Facebook," Kay said

The Media's Responsibility

University of Washington digital media instructor Kathy Gill was at the WWW conference in Raleigh, where she listened to both boyd and "father of the Internet" Vinton Cerf talk about the dangers to privacy in the 21st century. The media, she believes, should continue its ad-hoc educational campaign regarding privacy settings.

Gill recalled her frustration when she personally experienced the new personalization initiative launched by Facebook after f8.

"I thought I knew through analysis what was going to happen when I was rolled in, and I had a visceral response," Gill told TechNewsWorld. "It blew me away. Hearing about it and seeing it are two different things. Every word I had in an activity list, ever word in an interest list was now a hyperlink to a Facebook page that somebody is going to contain everybody in Facebook that has that same word in their profiles, and that freaked me out."

The user interface is not member-friendly, she said -- the kind of thing that has generated Facebook groups critical of past privacy changes. However, she also acknowledges that while there should be some kind of user blowback about Open Graph, there probably won't be.

"I wish the answer was yes," Gill said. "Most people don't use Facebook the way we use it," referring to those who might be more tech-savvy. "In order to generate some sense of outrage about the changes, you need to mobilize the people who aren't using the service very much if you're looking at mobilizing by numbers. The average American seems not to understand security and privacy issues. Even people who are more tech savvy don't necessarily understand."